Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

exp is not mandated in request objects #348

Open
jogu opened this issue Nov 27, 2024 · 0 comments
Open

exp is not mandated in request objects #348

jogu opened this issue Nov 27, 2024 · 0 comments
Labels
non-breaking
Milestone
1.1

Comments

@jogu
Copy link
Collaborator

jogu commented Nov 27, 2024
edited
Loading

VP doesn't say anything about exp in request objects.

JAR also doesn't say anything, meaning we inherit the default behaviour from the JWT RFC, namely that exp is entirely optional (but wallets must respect it if it's there).

Maybe we want to say exp is required. Not sure if we want to say anything about iat / nbf too but they're in the same situation of being entirely optional for verifiers to use.
@Sakurann Sakurann added this to the 1.1 milestone Dec 5, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
non-breaking
Projects
None yet
Milestone
1.1
Development

No branches or pull requests
2 participants
@jogu @Sakurann